Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017 Ran by PC (administrator) on LENOVO-PC (22-09-2017 19:02:14) Running from C:\Users\PC\AppData\Local\Microsoft\Windows\INetCache\IE\PRYX1RMT Loaded Profiles: PC (Available Profiles: PC) Platform: Windows 8.1 (Update) (X64) Language: Norsk, bokmål (Norge) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe (Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe (Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe (Lenovo) C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe (Lenovo) C:\Program Files (x86)\Lenovo\UESDK\UESDK.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\Lenovo PhoneCompanion\adb.exe () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Pokki) C:\Users\PC\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe () C:\Program Files\Lenovo\iMController\AutoUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-06-10] (Realtek semiconductor) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1379544 2014-03-05] (Realtek Semiconductor) HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo) HKLM\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2015-03-02] (Lenovo) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16093512 2015-03-02] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [8235848 2015-03-02] (Lenovo(beijing) Limited) HKU\S-1-5-21-3759523719-2122577075-1287637948-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0CE8362F-314E-46FA-BA55-A5CDFF9FD954}: [DhcpNameServer] 169.254.54.64 Tcpip\..\Interfaces\{94669213-A478-4FE7-8091-F194A2F06447}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3759523719-2122577075-1287637948-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-3759523719-2122577075-1287637948-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-3759523719-2122577075-1287637948-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com SearchScopes: HKU\S-1-5-21-3759523719-2122577075-1287637948-1001 -> DefaultScope {387F104A-E8B0-4506-8734-1A4EC136EC64} URL = SearchScopes: HKU\S-1-5-21-3759523719-2122577075-1287637948-1001 -> {387F104A-E8B0-4506-8734-1A4EC136EC64} URL = FireFox: ======== FF DefaultProfile: cxj9tknc.default FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\cxj9tknc.default [2017-09-22] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-22] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-22] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2017-09-22] CHR Extension: (Google Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-22] CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-22] CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-22] CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-22] CHR Extension: (Google Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-22] CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-22] CHR Extension: (Chrome Nettmarked-betalinger) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-22] CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-22] CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-22] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [592880 2014-07-10] () R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-12-13] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [328296 2014-11-21] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [561408 2014-09-23] (Lenovo) R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.) R2 LenovoSetSvr; C:\Program Files (x86)\Lenovo\Lenovo Settings\LenovoSetSvr.exe [389680 2015-03-02] (Lenovo(beijing) Limited) R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2015-03-02] (Lenovo(beijing) Limited) R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited) R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1844024 2014-08-01] (Maxthon) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-26] (PointGrab LTD) R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-26] (PointGrab LTD) R2 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2015-03-02] (Lenovo) S3 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [308720 2015-03-02] (Lenovo) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [104696 2015-03-02] (Lenovo) R2 UESDK1.0; C:\Program Files (x86)\Lenovo\UESDK\UESDK.exe [319472 2014-07-19] (Lenovo) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [68880 2015-03-02] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [231152 2014-12-13] (Intel Corporation) R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NETwNb64; C:\windows\system32\DRIVERS\Netwbw02.sys [3494680 2014-12-08] (Intel Corporation) S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation) R3 nvvad_WaveExtensible; C:\windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) R3 RTSPER; C:\windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-24] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [9121496 2014-06-10] (Realtek Semiconductor Corp.) R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-03-07] (Synaptics Incorporated) S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Corporation) R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Corporation) S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation) S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-22 19:01 - 2017-09-22 19:02 - 000000000 ____D C:\FRST 2017-09-22 09:56 - 2017-09-22 18:52 - 000000600 _____ C:\windows\ntbtlog.txt 2017-09-22 09:56 - 2017-09-22 09:57 - 000000000 ____D C:\KVRT_Data 2017-09-22 09:30 - 2017-09-22 09:30 - 000003296 _____ C:\windows\System32\Tasks\SweetLabs App Platform 2017-09-22 09:28 - 2017-09-22 09:29 - 000000000 ____D C:\NPE 2017-09-22 09:27 - 2017-09-22 09:33 - 000000000 ____D C:\Users\PC\AppData\Local\NPE 2017-09-22 09:27 - 2017-09-22 09:27 - 000000000 ____D C:\ProgramData\Norton 2017-09-22 08:40 - 2017-09-22 08:40 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-09-22 08:40 - 2017-09-22 08:40 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-09-22 08:36 - 2017-09-22 08:48 - 000000000 ____D C:\Users\PC\AppData\Local\Google 2017-09-22 08:36 - 2017-09-22 08:40 - 000000000 ____D C:\Program Files (x86)\Google 2017-09-22 08:36 - 2017-09-22 08:36 - 000003424 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-09-22 08:36 - 2017-09-22 08:36 - 000003296 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-09-22 08:18 - 2017-09-22 09:38 - 000001283 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk 2017-09-22 08:18 - 2017-09-22 09:38 - 000000000 ____D C:\ProgramData\LU 2017-09-22 08:13 - 2017-09-22 08:36 - 000000000 ____D C:\Users\PC\AppData\Local\Deployment 2017-09-22 08:13 - 2017-09-22 08:13 - 000000000 ____D C:\Users\PC\AppData\Local\Apps\2.0 2017-09-22 08:11 - 2017-09-22 08:53 - 000000000 ____D C:\Users\PC\AppData\LocalLow\Mozilla 2017-09-22 08:11 - 2017-09-22 08:15 - 000000000 ____D C:\Users\PC\AppData\Local\Mozilla 2017-09-22 08:11 - 2017-09-22 08:11 - 000000000 ____D C:\Users\PC\AppData\Roaming\Mozilla 2017-09-22 08:10 - 2017-09-22 08:11 - 000000000 ____D C:\Program Files\Mozilla Firefox 2017-09-22 08:10 - 2017-09-22 08:10 - 000000959 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2017-09-22 08:10 - 2017-09-22 08:10 - 000000947 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-09-22 08:10 - 2017-09-22 08:10 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-09-22 08:09 - 2017-09-22 18:55 - 000003920 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{04286780-BA86-4A77-9F45-70915429F43E} 2017-09-22 08:09 - 2017-09-22 09:32 - 000000000 ____D C:\Users\PC\AppData\Local\Lenovo 2017-09-22 08:09 - 2017-09-22 08:09 - 000000000 __SHD C:\Users\PC\AppData\LocalLow\EmieUserList 2017-09-22 08:09 - 2017-09-22 08:09 - 000000000 __SHD C:\Users\PC\AppData\LocalLow\EmieSiteList 2017-09-22 08:09 - 2017-09-22 08:09 - 000000000 __SHD C:\Users\PC\AppData\LocalLow\EmieBrowserModeList 2017-09-22 08:09 - 2017-09-22 08:09 - 000000000 __SHD C:\Users\PC\AppData\Local\EmieUserList 2017-09-22 08:09 - 2017-09-22 08:09 - 000000000 __SHD C:\Users\PC\AppData\Local\EmieSiteList 2017-09-22 08:09 - 2017-09-22 08:09 - 000000000 __SHD C:\Users\PC\AppData\Local\EmieBrowserModeList 2017-09-22 08:09 - 2017-09-22 08:09 - 000000000 ____D C:\Users\PC\AppData\Roaming\Macromedia 2017-09-22 07:53 - 2017-09-22 07:53 - 000002786 _____ C:\windows\System32\Tasks\CCleanerSkipUAC 2017-09-22 07:53 - 2017-09-22 07:53 - 000000845 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-09-22 07:53 - 2017-09-22 07:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-09-22 07:53 - 2017-09-22 07:53 - 000000000 ____D C:\Program Files\CCleaner 2017-09-22 07:50 - 2017-09-22 07:50 - 000000436 _____ C:\Users\PC\Desktop\Denne PCen - Snarvei.lnk 2017-09-22 07:45 - 2017-09-22 18:57 - 000003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3759523719-2122577075-1287637948-1001 2017-09-22 07:41 - 2017-09-22 07:41 - 000000000 ____D C:\Users\Public\Pokki 2017-09-22 07:41 - 2017-09-22 07:41 - 000000000 ____D C:\Users\PC\AppData\Local\DropboxOEM 2017-09-22 07:40 - 2017-09-22 18:52 - 000000000 ____D C:\Users\PC\AppData\Local\Packages 2017-09-22 07:40 - 2017-09-22 07:40 - 000001457 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2017-09-22 07:40 - 2017-09-22 07:40 - 000000000 ____D C:\windows\System32\Tasks\WPD 2017-09-22 07:40 - 2017-09-22 07:40 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2017-09-22 07:40 - 2017-09-22 07:40 - 000000000 ____D C:\Users\PC\AppData\Roaming\Adobe 2017-09-22 07:40 - 2017-09-22 07:40 - 000000000 ____D C:\Users\PC\AppData\Local\VirtualStore 2017-09-22 07:40 - 2017-09-22 07:40 - 000000000 ____D C:\Users\PC\AppData\Local\NVIDIA Corporation 2017-09-22 07:39 - 2017-09-22 07:39 - 000000118 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-09-22 07:39 - 2017-09-22 07:39 - 000000020 ___SH C:\Users\PC\ntuser.ini 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\Start-meny 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\Skrivere 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\Programdata 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\Mine dokumenter 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\Maler 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\Lokale innstillinger 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\Documents\Mine bilder 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\Documents\Min musikk 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\Documents\Intern video 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programmer 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\AppData\Local\Programdata 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\AppData\Local\Logg 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 _SHDL C:\Users\PC\AndrMask 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 __SHD C:\Users\PC\IntelGraphicsProfiles 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 ____D C:\Users\PC\AppData\Roaming\Intel 2017-09-22 07:39 - 2017-09-22 07:39 - 000000000 ____D C:\Users\PC\AppData\Local\NVIDIA 2017-09-22 07:38 - 2017-09-22 09:31 - 000000000 ____D C:\Users\PC\AppData\Local\SweetLabs App Platform 2017-09-22 07:38 - 2017-09-22 08:23 - 000000000 ____D C:\Users\PC 2017-09-22 07:38 - 2015-03-02 17:23 - 000000187 _____ C:\Users\PC\Desktop\Google Play Music.url 2017-09-22 07:38 - 2015-03-02 17:21 - 000000126 _____ C:\Users\PC\Desktop\Adobe Photo Offer.url 2017-09-22 07:38 - 2014-11-21 06:52 - 000000369 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2017-09-22 07:38 - 2014-11-21 06:52 - 000000369 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2017-09-22 07:38 - 2014-03-26 12:21 - 000000190 _____ C:\Users\PC\Desktop\FREE CALLS with Voxox.url 2017-09-22 07:36 - 2017-09-22 07:36 - 000000000 __RHD C:\Users\Public\AccountPictures ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-22 19:02 - 2013-08-22 17:36 - 000000000 ____D C:\windows\AppReadiness 2017-09-22 18:56 - 2013-08-22 17:36 - 000000000 ___HD C:\Program Files\WindowsApps 2017-09-22 09:35 - 2015-03-02 16:13 - 000724676 _____ C:\windows\system32\perfh01D.dat 2017-09-22 09:35 - 2015-03-02 16:13 - 000152032 _____ C:\windows\system32\perfc01D.dat 2017-09-22 09:35 - 2015-03-02 16:08 - 000426366 _____ C:\windows\system32\perfh00B.dat 2017-09-22 09:35 - 2015-03-02 16:08 - 000081450 _____ C:\windows\system32\perfc00B.dat 2017-09-22 09:35 - 2015-03-02 16:03 - 000449910 _____ C:\windows\system32\perfh014.dat 2017-09-22 09:35 - 2015-03-02 16:03 - 000077052 _____ C:\windows\system32\perfc014.dat 2017-09-22 09:35 - 2015-03-02 15:58 - 000455668 _____ C:\windows\system32\perfh006.dat 2017-09-22 09:35 - 2015-03-02 15:58 - 000079422 _____ C:\windows\system32\perfc006.dat 2017-09-22 09:35 - 2014-11-21 06:44 - 003290732 _____ C:\windows\system32\PerfStringBackup.INI 2017-09-22 09:35 - 2013-08-22 15:36 - 000000000 ____D C:\windows\Inf 2017-09-22 09:32 - 2015-03-02 17:20 - 000000000 ____D C:\ProgramData\Lenovo 2017-09-22 09:28 - 2013-08-22 16:45 - 000000006 ____H C:\windows\Tasks\SA.DAT 2017-09-22 09:27 - 2015-03-02 17:25 - 000002560 _____ C:\windows\system32\VfService.trf 2017-09-22 09:27 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\BBI 2017-09-22 09:17 - 2013-08-22 17:36 - 000000000 ____D C:\windows\system32\NDF 2017-09-22 08:30 - 2015-03-02 17:23 - 000000000 ____D C:\windows\System32\Tasks\Lenovo 2017-09-22 07:58 - 2015-03-02 17:27 - 000000000 ____D C:\ProgramData\McAfee 2017-09-22 07:57 - 2013-08-22 16:44 - 000346704 _____ C:\windows\system32\FNTCACHE.DAT 2017-09-22 07:55 - 2013-08-22 17:36 - 000000000 ___HD C:\windows\ELAMBKUP 2017-09-22 07:41 - 2013-08-22 15:25 - 000262144 ___SH C:\windows\system32\config\ELAM ==================== Files in the root of some directories ======= 2015-03-02 17:09 - 2015-03-02 17:09 - 000000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== 2017-09-22 08:10 - 2017-09-22 08:16 - 000307144 _____ (Lenovo) C:\Users\PC\AppData\Local\Temp\LenovoExperienceImprovement.exe 2017-09-22 08:10 - 2017-09-22 08:11 - 063610592 _____ (SweetLabs,Inc.) C:\Users\PC\AppData\Local\Temp\oct6865.tmp.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-02 16:25 ==================== End of FRST.txt ============================